Abstract. Let $p$ be an odd prime such that 2 is a primitive element
of the finite field $\mathbb{F}_p$. In this short note we propose a new
algorithm for the computation of the discrete logarithm in
$\mathbb{F}_p^*$. This algorithm is based on elementary properties of
finite fields and is purely theoretical in nature.



Introduction 

Consider a finite field $\mathbb{F}_q$ (also denoted by GF($q$)), where
$q = p^r$, $p$ is a prime and $r \in \mathbb{N} := \{1, 2, 3, \ldots\}$.
Let $\alpha$ be a primitive element of $\mathbb{F}_q$, i.e., a generator
of the multiplicative cyclic group $\mathbb{F}_q^*$. For an arbitrary
element $b \in \mathbb{F}_q^*$, computing $n \in \mathbb{N}$, $n < q - 1$,
such that

(1) $b = \alpha^n \bmod p$

is known as the discrete log problem (DLP) in $\mathbb{F}_q^*$. Discrete
log computation in finite fields is an important problem, mainly due to
applications of these groups in cryptography. Beginning with the
Diffie-Hellman key exchange protocol [3] and the ElGamal
encryption/signature scheme [3], the DLP in $\mathbb{F}_q^*$ has been
used as a basic mathematical primitive in many cryptographic schemes,
and the security of these systems depends on the difficulty of the DLP
in the respective $\mathbb{F}_q^*$. It is rather difficult to give even
a reasonably good list of references to all the work involving the DLP
in $\mathbb{F}_q^*$; however, [01 [EJ are good to begin with.

In the last couple of decades the DLP in $\mathbb{F}_q^*$ has been
studied extensively and several algorithms have been proposed for its
computation. The most efficient algorithm for the computation of the DLP
is the one based on the Number Field Sieve [5], [9]. See also [2], [7]
for results which are not computationally oriented but certainly give
insight into the problem of the DLP in $\mathbb{F}_q^*$. In this short
note we focus on odd primes $p$ for which 2 is a primitive element of
$\mathbb{F}_p$. For such primes we propose a new algorithm to compute
the discrete logarithm in $\mathbb{F}_p^*$. The proposed algorithm is
based on elementary properties of finite fields and is purely
theoretical in nature. Further, the complexity of the algorithm is
exponential, and as such it is not being suggested for any computational
purposes. This short note has two sections. In section 1 we begin with
the basic results needed and then explain the algorithm in detail. In
section 2 we analyze the complexity of the algorithm.

1. The Algorithm 

In the remainder of this note $p$ denotes an odd prime and
$r \in \mathbb{N}$. By $\log_\alpha b = n$ we mean $n$ as in (1). We
begin with the following simple results.

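1.1. Mini Lemma. Let $a, b \in \mathbb{F}_q^*$ ($q = p^r$) be such that
$a + b \equiv 0 \pmod p$. Then for any primitive element $\alpha$ of
$\mathbb{F}_q$ we have

$$\log_\alpha a - \log_\alpha b = \log_\alpha b - \log_\alpha a = \frac{q-1}{2} \bmod (q-1).$$

Proof. For any $a, b \in \mathbb{F}_q^*$ we have

$$a + b \equiv 0 \pmod p \iff \frac{a}{b} = \frac{b}{a} \equiv -1 \pmod p.$$

Computing the discrete logarithm with respect to any primitive element
$\alpha$ of $\mathbb{F}_q$, we have

$$\log_\alpha \frac{a}{b} = \log_\alpha \frac{b}{a} = \log_\alpha a - \log_\alpha b = \log_\alpha(-1).$$

Now the conclusion follows from the simple observation

(2) $\log_\alpha(-1) = \frac{q-1}{2} \bmod (q-1).$

□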

1.2. Remark. The result is true in more generality: Let $G$ be a finite
cyclic group of even order, say $2m$. Suppose $\alpha$ is a primitive
element of $G$. It is easy to see that the element $\beta =$ is the only
non-trivial element fixed by all automorphisms of $G$. This implies that
the discrete logarithm of $\beta$ is independent of the primitive
element $\alpha$ of $G$ and is equal to $m$. In case of
$G = \mathbb{F}_q^*$, we have (2).

The proposed algorithm depends on the above lemma and the following
simple fact:

Fact 1. Let $a, b \in \mathbb{N}$, $1 < a, b < p$, be such that
$a + b = p$. Then precisely one of $a$, $b$ is divisible by 2.

Before we explain the algorithm, we recall that this algorithm computes
$n$ in (1) when $p$ is an odd prime such that 2 is a primitive element
of $\mathbb{F}_p$. A necessary condition for this to happen is that
$p \equiv \pm 3 \pmod 8$ [U Chap 4]. Next we explain the proposed
algorithm with the help of a simple example.

Example. Consider the cyclic group $\mathbb{F}_{37}^*$, which is
generated by 2. Suppose we want to find $\log_2 3$. Noting that all the
operations are performed mod 37, the proposed algorithm works as
follows. We have $3 + 34 = 37$ and hence

$$3 = -34 = 2 \cdot (-17) = 2 \cdot 20 = 2 \cdot (4 \cdot 5) = 2^3 \cdot 5 = 2^3 \cdot (-32) = 2^3 \cdot 2^5 \cdot (-1) = 2^8 \cdot 2^{18} = 2^{26}.$$

We have $\log_2 3 = 26$.

Now we are ready to state the algorithm. 



Algorithm 1

INPUT: Element $b$ of $\mathbb{F}_p^*$
OUTPUT: Discrete log of $b$ to base 2

1: Initialize Out = 0
2: if b = 1 then
3:   return 0
4: end if
5: while b ≠ 1 do
6:   Find the max power 2^k of 2 that divides b
7:   if k = 0 then
8:     b = p − b
9:     Out = Out + (p − 1)/2 (mod (p − 1))
10:  else
11:    b = b/(2^k), Out = Out + k (mod (p − 1))
12:  end if
13: end while
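
Algorithm 1 as runnable Python, added here as an illustration and not taken from the note. It generalises the $\mathbb{F}_{37}$ example to any odd prime for which 2 is primitive and also returns the number of loop iterations. The names `dlog2`, `two_is_primitive` and `prime_factors` are assumptions of this example, $p$ is assumed to be prime, and the trial-division check is meant only for small demonstration primes.

```python
def prime_factors(n):
    """Distinct prime factors of n by trial division (small demo inputs only)."""
    factors, d = set(), 2
    while d * d <= n:
        while n % d == 0:
            factors.add(d)
            n //= d
        d += 1
    if n > 1:
        factors.add(n)
    return factors


def two_is_primitive(p):
    """True if 2 generates F_p^* (p is assumed to be an odd prime)."""
    return all(pow(2, (p - 1) // f, p) != 1 for f in prime_factors(p - 1))


def dlog2(b, p):
    """Algorithm 1: return (n, steps) with 2**n == b (mod p), 0 <= n < p-1."""
    if p < 3 or p % 2 == 0 or not two_is_primitive(p):
        raise ValueError("p must be an odd prime with 2 as a primitive element")
    b %= p
    if b == 0:
        raise ValueError("b must be a nonzero element of F_p")
    out, steps = 0, 0
    while b != 1:
        steps += 1
        if b % 2:                      # k = 0: use log_2(-1) = (p-1)/2
            b = p - b
            out = (out + (p - 1) // 2) % (p - 1)
        else:                          # strip the full power 2^k from b
            k = (b & -b).bit_length() - 1
            b >>= k
            out = (out + k) % (p - 1)
    return out, steps


if __name__ == "__main__":
    # Constructed demo: the note's example, then every element of F_37^*.
    print(dlog2(3, 37))
    assert all(pow(2, dlog2(b, 37)[0], 37) == b for b in range(1, 37))
```

The primitivity guard is not cosmetic: for $p = 7$, where 2 has order 3, the unguarded loop maps $b = 3$ to 5 although $2^5 \equiv 4 \pmod 7$, because $-1$ is then not a power of 2.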



Next we prove that Algorithm 1 converges.

Proof. Suppose we want to compute $\log_2 b$ ($b \in \mathbb{N}$,
$1 < b < p$) in $\mathbb{F}_p^*$. Let $b = 2^r b'$, $b'$ not divisible
by 2; then $\log_2 b = r + \log_2 b'$, and hence if needed we can
replace $b$ by $b'$ and assume that $b$ is not divisible by 2. Since we
are assuming that 2 is a primitive element of $\mathbb{F}_p^*$, there
exists $t$ such that $1 < t < p - 1$ and

(3) $b \equiv 2^t \pmod p$.

Let $b_0 = p - b$. Since $b$ is not divisible by 2, we have that $b_0$
is divisible by 2. Let $b_0 = 2^r b_1$ where $r \in \mathbb{N}$ and
$b_1$ is not divisible by 2. If $b_1 = 1$, we are done. Otherwise,

Claim. $r < t$.

Suppose not; let $r = t + s$, $s \in \mathbb{N}$. Then from (3) we have

(4) $(-b_1) 2^r \equiv 2^t \pmod p \implies p$ divides $2^t + b_1 2^{t+s} = 2^t (1 + b_1 2^s)$,

and hence $p$ divides $(1 + b_1 2^s)$. On the other hand
$(1 + b_1 2^s) < b + b_0 = p$, and hence the only way $p$ can divide
$(1 + b_1 2^s)$ is if $1 + b_1 2^s = 0$ in $\mathbb{Z}$, which clearly
is not the case.
So we have

(5) $-b_1 \equiv 2^{t-r} \pmod p$.

Now we are back to (3) with $b = p - b_1$ and $t = t - r$. Thus, after
at most $t$ iterations the algorithm stops and returns the value of
$\log_2 b$. □

2. Analysis of The Algorithm 

Throughout this section $p$ denotes an odd prime for which 2 is a
primitive element of $\mathbb{F}_p$. For a given $b \in \mathbb{F}_p^*$,
to compute $\log_2 b$, Algorithm 1 repeats steps (6)–(8), each time
replacing $b$ by $p - b'$, until $b' \equiv \pm 1 \pmod p$. The space
requirements to execute the algorithm are not significant, but the order
of growth of computations is O(2^^"^^/^). This algorithm does not give
any advantages over the existing algorithms in terms of complexity. Our
computational experiments with the algorithm suggested that, while
implementing the algorithm, the worst case scenario (in terms of time
taken to compute) occurred while calculating $\log_2((p - 1)/2)$.
However one can easily check,

p-1 p-3 